Hardware-bonded credential manager method and system
US8037295B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Apr 15, 2008 |
| Grant date | Oct 11, 2011 |
| Priority date | — |
| Expiry date | Aug 9, 2030 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/08
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
An internet data exchange authentication method that can provide much of the user authentication assurance and capability of dedicated computer security cryptographic hardware, without requiring that the user actually have such hardware. This method allows users with computerized devices to communicate securely with secure servers by creating customized challenge-response authentication objects (pockets) where both the challenge and the response are based partially on the hardware identity of the user's computerized device, and partially on a secret (such as a random number) known only by the secure server. The secure server receives the device's hardware identity, generates the secret, creates the pocket, encrypts the pocket, and sends the encrypted pocket back to the user's device. The secure server, or a third trusted credential server, then sends the decryption key for the encrypted pocket back to the user using a different, “out of band” communications modality, thus reducing the chances of interception.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.